Initial commit
parent
a6a0b16300
commit
019c139a5c
|
@ -0,0 +1,13 @@
|
||||||
|
|
||||||
|
# WARN: this file will get overwritten by $ cachix use <name>
|
||||||
|
{ pkgs, lib, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
folder = ./cachix;
|
||||||
|
toImport = name: value: folder + ("/" + name);
|
||||||
|
filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key;
|
||||||
|
imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder));
|
||||||
|
in {
|
||||||
|
inherit imports;
|
||||||
|
nix.settings.substituters = ["https://cache.nixos.org/"];
|
||||||
|
}
|
|
@ -0,0 +1,13 @@
|
||||||
|
|
||||||
|
{
|
||||||
|
nix = {
|
||||||
|
settings = {
|
||||||
|
substituters = [
|
||||||
|
"https://cuda-maintainers.cachix.org"
|
||||||
|
];
|
||||||
|
trusted-public-keys = [
|
||||||
|
"cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -6,57 +6,42 @@
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
system.autoUpgrade.enable = true; # daily nixos-rebuild switch, no reboot by default
|
system.autoUpgrade.enable = true; # daily nixos-rebuild switch, no reboot by default
|
||||||
|
|
||||||
nix.distributedBuilds = true;
|
# TODO: can i make this non-string?
|
||||||
# useful when the builder has a faster internet connection than i do
|
|
||||||
nix.extraOptions = ''
|
nix.extraOptions = ''
|
||||||
experimental-features = nix-command flakes
|
experimental-features = nix-command flakes
|
||||||
builders-use-substitutes = true
|
|
||||||
'';
|
'';
|
||||||
nix.buildMachines = [
|
|
||||||
/**/
|
# TODO: move to pbsds home
|
||||||
{
|
programs.ssh.extraConfig = ''
|
||||||
system = "x86_64-linux"; # can be a list
|
Host *.ntnu.no *.pvv.org
|
||||||
hostName = "rocm.pbsds.net";
|
User pederbs
|
||||||
sshUser = "pbsds";
|
'';
|
||||||
maxJobs = 2;
|
|
||||||
speedFactor = 2;
|
|
||||||
#supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
|
||||||
#mandatoryFeatures = [ ];
|
|
||||||
}
|
|
||||||
/**/
|
|
||||||
/**/
|
|
||||||
{
|
|
||||||
system = "x86_64-linux"; # can be a list
|
|
||||||
hostName = "isvegg.pvv.ntnu.no";
|
|
||||||
sshUser = "pederbs";
|
|
||||||
maxJobs = 1;
|
|
||||||
speedFactor = 1;
|
|
||||||
#supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
|
||||||
#mandatoryFeatures = [ ];
|
|
||||||
}
|
|
||||||
/**/
|
|
||||||
];
|
|
||||||
|
|
||||||
# deduplicate with hardlinks, expensive. Alternative: nix-store --optimise
|
# deduplicate with hardlinks, expensive. Alternative: nix-store --optimise
|
||||||
nix.settings.auto-optimise-store = true;
|
nix.settings.auto-optimise-store = true;
|
||||||
#nix.optimize.automatic = true; # periodic optimization
|
#nix.optimize.automatic = true; # periodic optimization
|
||||||
nix.gc = {
|
nix.gc.automatic = true;
|
||||||
automatic = true;
|
nix.gc.dates = "weekly";
|
||||||
dates = "weekly";
|
nix.gc.options = "--delete-older-than 30d";
|
||||||
options = "--delete-older-than 30d";
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
# How to override package used by module
|
|
||||||
# https://github.com/NixOS/nixpkgs/issues/55366
|
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix # results of hardware scan
|
./hardware-configuration.nix # results of hardware scan
|
||||||
|
./cachix.nix
|
||||||
|
|
||||||
./profiles/nas # add NAS services
|
./profiles/nas # add NAS services
|
||||||
./profiles/websites
|
./profiles/websites
|
||||||
./profiles/code-remote
|
./profiles/code-remote
|
||||||
./users
|
./profiles/remote-builders #
|
||||||
|
./profiles/nfs-reidun # NFS mounts
|
||||||
|
./profiles/autossh-reverse-tunnels
|
||||||
|
#./profiles/xrdp
|
||||||
|
|
||||||
|
./users
|
||||||
|
#./users/pbsds # todo: <- make this possible
|
||||||
|
|
||||||
|
# How to override package used by module
|
||||||
|
# https://github.com/NixOS/nixpkgs/issues/55366
|
||||||
|
# TODO: move to where relevant
|
||||||
<nixos-unstable/nixos/modules/services/misc/jellyfin.nix>
|
<nixos-unstable/nixos/modules/services/misc/jellyfin.nix>
|
||||||
<nixos-unstable/nixos/modules/services/web-apps/invidious.nix>
|
<nixos-unstable/nixos/modules/services/web-apps/invidious.nix>
|
||||||
];
|
];
|
||||||
|
@ -67,17 +52,15 @@
|
||||||
services.jellyfin.package = pkgs.unstable.jellyfin;
|
services.jellyfin.package = pkgs.unstable.jellyfin;
|
||||||
services.invidious.package = pkgs.unstable.invidious;
|
services.invidious.package = pkgs.unstable.invidious;
|
||||||
|
|
||||||
nixpkgs.overlays = [
|
# TODO: remove? Move to where relevant
|
||||||
(import ./overlays)
|
nixpkgs.overlays = [ (import ./overlays) ];
|
||||||
];
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Allow unstable packages.
|
# Allow unstable packages.
|
||||||
nixpkgs.config.packageOverrides = pkgs: {
|
nixpkgs.config.packageOverrides = pkgs: {
|
||||||
unstable = import <nixos-unstable> {
|
unstable = import <nixos-unstable> {
|
||||||
config = config.nixpkgs.config;
|
config = config.nixpkgs.config;
|
||||||
};
|
};
|
||||||
|
# TODO: nur
|
||||||
};
|
};
|
||||||
|
|
||||||
# enable opengl (headless)
|
# enable opengl (headless)
|
||||||
|
@ -85,15 +68,19 @@
|
||||||
#hardware.opengl.extraPackages = [ pkgs.mesa.drivers ];
|
#hardware.opengl.extraPackages = [ pkgs.mesa.drivers ];
|
||||||
hardware.opengl.extraPackages = with pkgs; [ mesa.drivers vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ];
|
hardware.opengl.extraPackages = with pkgs; [ mesa.drivers vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ];
|
||||||
|
|
||||||
|
|
||||||
# run/build weird binaries
|
# run/build weird binaries
|
||||||
boot.binfmt.emulatedSystems = [
|
boot.binfmt.emulatedSystems = [
|
||||||
"wasm32-wasi"
|
"wasm32-wasi"
|
||||||
|
"wasm64-wasi"
|
||||||
"x86_64-windows"
|
"x86_64-windows"
|
||||||
"aarch64-linux"
|
"aarch64-linux"
|
||||||
"riscv64-linux"
|
"riscv64-linux"
|
||||||
|
#"x86_64-darwin"
|
||||||
|
#"aarch64-darwin"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
services.thermald.enable = true;
|
||||||
|
|
||||||
# Bootloader
|
# Bootloader
|
||||||
|
|
||||||
boot.loader.grub.enable = true;
|
boot.loader.grub.enable = true;
|
||||||
|
@ -106,6 +93,7 @@
|
||||||
#services.docker.enable = true;
|
#services.docker.enable = true;
|
||||||
virtualisation = {
|
virtualisation = {
|
||||||
podman.enable = true;
|
podman.enable = true;
|
||||||
|
# TODO: are these default since 22.11?
|
||||||
podman.dockerCompat = true; # alias docker to podman
|
podman.dockerCompat = true; # alias docker to podman
|
||||||
oci-containers.backend = "podman";
|
oci-containers.backend = "podman";
|
||||||
};
|
};
|
||||||
|
@ -117,6 +105,7 @@
|
||||||
# Enable networking
|
# Enable networking
|
||||||
networkmanager.enable = true;
|
networkmanager.enable = true;
|
||||||
#wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
#wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||||
|
#iwd.enable = true
|
||||||
|
|
||||||
hostName = "noximilien"; # Define your hostname.
|
hostName = "noximilien"; # Define your hostname.
|
||||||
domain = "pbsds.net";
|
domain = "pbsds.net";
|
||||||
|
@ -135,78 +124,15 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
#useDHCP = true;
|
#useDHCP = true;
|
||||||
|
|
||||||
# Configure network proxy if necessary
|
|
||||||
#proxy.default = "http://user:password@proxy:port/";
|
|
||||||
#proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# Open ports in the firewall.
|
# firewall
|
||||||
|
services.fail2ban.enable = true;
|
||||||
|
networking.firewall.enable = true; # default
|
||||||
#networking.firewall.allowedTCPPorts = [ ... ];
|
#networking.firewall.allowedTCPPorts = [ ... ];
|
||||||
#networking.firewall.allowedUDPPorts = [ ... ];
|
#networking.firewall.allowedUDPPorts = [ ... ];
|
||||||
# Or disable the firewall altogether.
|
|
||||||
networking.firewall.enable = false; # default is true, TEMP
|
|
||||||
|
|
||||||
|
|
||||||
# NFS mounts
|
|
||||||
|
|
||||||
fileSystems = let
|
|
||||||
mkMount = mountpoint: server: subdir: {
|
|
||||||
"${mountpoint}${subdir}" = {
|
|
||||||
device = "${server}${subdir}";
|
|
||||||
fsType = "nfs";
|
|
||||||
#options = [ "nfsvers=4.2" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
# TODO: combine nameValuePair and listToAttrs
|
|
||||||
joinSets = sets: builtins.foldl' (l: r: l // r) {} sets;
|
|
||||||
in joinSets (
|
|
||||||
(map (mkMount "/mnt/reidun" "192.168.1.3:/Reidun/shared") [
|
|
||||||
""
|
|
||||||
"/Backups"
|
|
||||||
"/Comics"
|
|
||||||
"/Downloads"
|
|
||||||
"/Games"
|
|
||||||
"/Games/Installable"
|
|
||||||
"/Games/Portable"
|
|
||||||
"/Games/ROMs"
|
|
||||||
"/ISO"
|
|
||||||
"/Images"
|
|
||||||
"/Images/Collections"
|
|
||||||
"/Images/Memes"
|
|
||||||
"/Images/Pictures"
|
|
||||||
"/Images/Wallpapers"
|
|
||||||
"/Music"
|
|
||||||
"/Music/Albums"
|
|
||||||
"/Music/Kancolle"
|
|
||||||
"/Music/OST"
|
|
||||||
"/Music/Old"
|
|
||||||
"/Music/Touhou"
|
|
||||||
"/Music/Vocaloid"
|
|
||||||
"/Music/dojin.co"
|
|
||||||
"/Various"
|
|
||||||
"/Various/Zotero"
|
|
||||||
"/Various/resilio"
|
|
||||||
"/Video"
|
|
||||||
"/Video/Anime"
|
|
||||||
"/Video/Concerts"
|
|
||||||
"/Video/Documentaries"
|
|
||||||
"/Video/Movies"
|
|
||||||
"/Video/Musicvideos"
|
|
||||||
"/Video/Series"
|
|
||||||
"/Video/Talks"
|
|
||||||
"/Work"
|
|
||||||
"/Work/Documents"
|
|
||||||
#"/Work/FL Studio" # broken, maybe due to the space?
|
|
||||||
"/Work/Programming"
|
|
||||||
"/Work/School"
|
|
||||||
"/pub"
|
|
||||||
]) ++ (map (mkMount "/mnt/meconium" "192.168.1.3:/Meconium" ) [
|
|
||||||
""
|
|
||||||
"/beets_music"
|
|
||||||
])
|
|
||||||
);
|
|
||||||
|
|
||||||
|
|
||||||
# Time zone and internationalisation properties.
|
# Time zone and internationalisation properties.
|
||||||
|
|
||||||
|
@ -223,18 +149,16 @@
|
||||||
LC_TELEPHONE = "nb_NO.utf8";
|
LC_TELEPHONE = "nb_NO.utf8";
|
||||||
LC_TIME = "nb_NO.utf8";
|
LC_TIME = "nb_NO.utf8";
|
||||||
};
|
};
|
||||||
services.xserver = {
|
services.xserver.layout = "no";
|
||||||
# Configure X11 keymap
|
services.xserver.xkbVariant = "";
|
||||||
layout = "no";
|
console.keyMap = "no";
|
||||||
xkbVariant = "";
|
|
||||||
};
|
|
||||||
console.keyMap = "no";# Configure console keymap
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Installed system packages
|
# Installed system packages
|
||||||
# $ nix search FOOBAR
|
# $ nix search FOOBAR
|
||||||
|
|
||||||
|
# TODO: prune this, make home-manager deal with the majority
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
lsof
|
lsof
|
||||||
lshw
|
lshw
|
||||||
|
@ -262,6 +186,7 @@
|
||||||
curl
|
curl
|
||||||
wget
|
wget
|
||||||
strace
|
strace
|
||||||
|
killall
|
||||||
|
|
||||||
zip
|
zip
|
||||||
unrar
|
unrar
|
||||||
|
@ -317,6 +242,7 @@
|
||||||
gh
|
gh
|
||||||
hub
|
hub
|
||||||
|
|
||||||
|
cachix
|
||||||
nix-output-monitor
|
nix-output-monitor
|
||||||
nix-prefetch
|
nix-prefetch
|
||||||
nix-top
|
nix-top
|
||||||
|
@ -336,16 +262,12 @@
|
||||||
'';
|
'';
|
||||||
|
|
||||||
# TODO: make this root only?
|
# TODO: make this root only?
|
||||||
programs.bash.shellAliases = {
|
programs.bash.shellAliases."ed" = "micro"; # TODO: ${EDITOR:-micro}
|
||||||
ed = "micro"; # TODO: ${EDITOR:-micro}
|
environment.variables."EDITOR" = "micro";
|
||||||
};
|
|
||||||
environment.variables = {
|
|
||||||
EDITOR = "micro";
|
|
||||||
};
|
|
||||||
|
|
||||||
|
# TODO: remove? Move?
|
||||||
programs.dconf.enable = true;
|
programs.dconf.enable = true;
|
||||||
|
|
||||||
|
|
||||||
# System fonts
|
# System fonts
|
||||||
# Nice to have when X-forwading on headless machines
|
# Nice to have when X-forwading on headless machines
|
||||||
|
|
||||||
|
@ -372,110 +294,34 @@
|
||||||
services.openssh.forwardX11 = true;
|
services.openssh.forwardX11 = true;
|
||||||
|
|
||||||
|
|
||||||
# AutoSSH reverse tunnels
|
|
||||||
|
|
||||||
services.autossh.sessions = let
|
|
||||||
mkSshSession = user: name: host: rport: monitoringPort: {
|
|
||||||
user = user; # local user
|
|
||||||
name = "ssh-reverse-tunnel-${name}-${toString rport}";
|
|
||||||
monitoringPort = monitoringPort;
|
|
||||||
extraArguments = lib.concatStringsSep " " [
|
|
||||||
"-N" # no remote command
|
|
||||||
"-o ServerAliveInterval=10" # check if still alive
|
|
||||||
"-o ServerAliveCountMax=3" # check if still alive
|
|
||||||
"-o ExitOnForwardFailure=yes" # reverse tunnel critical
|
|
||||||
"-R ${toString rport}:127.0.0.1:22" # reverse tunnel
|
|
||||||
host
|
|
||||||
];
|
|
||||||
};
|
|
||||||
in [
|
|
||||||
#(mkSshSession "pbsds" "p7pi" "pi@p7.pbsds.net" 10023 20000) # no mutual signature algorithm
|
|
||||||
(mkSshSession "pbsds" "pbuntu" "pbsds@pbuntu.pbsds.net -p 23" 10023 20002)
|
|
||||||
(mkSshSession "pbsds" "hildring" "pederbs@hildring.pvv.ntnu.no" 25775 20004)
|
|
||||||
];
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# auto domain update
|
# auto domain update
|
||||||
# TODO: use the dyndns endpoint + curl instead
|
|
||||||
|
|
||||||
/**/
|
|
||||||
systemd.services.domeneshop-updater = {
|
systemd.services.domeneshop-updater = {
|
||||||
description = "domene.shop domain updater";
|
description = "domene.shop domain updater";
|
||||||
#after = [ "something?.service" ];
|
#after = [ "something?.service" ];
|
||||||
#wants = [ "something?.service" ];
|
#wants = [ "something?.service" ];
|
||||||
serviceConfig = let
|
serviceConfig = let
|
||||||
env = pkgs.python3.withPackages (ps: with ps; [ pkgs.python3Packages.domeneshop httpx toml ]);
|
prog = pkgs.writeShellApplication {
|
||||||
prog = pkgs.writeScript "domain-updater.py" ''
|
name = "domeneshop-dyndns-updater.sh";
|
||||||
#!${env}/bin/python
|
runtimeInputs = with pkgs; [ curl yq ];
|
||||||
from domeneshop import Client
|
text = ''
|
||||||
import os, httpx, pprint, toml
|
test -s /var/lib/secrets/domeneshop.toml || {
|
||||||
|
>&2 echo "ERROR: /var/lib/secrets/domeneshop.toml not found!"
|
||||||
def get_pub_ip() -> str:
|
exit 1
|
||||||
for endpoint, getter in {
|
|
||||||
"http://myip.tf": lambda resp: resp.text,
|
|
||||||
"https://ipinfo.io/json": lambda resp: resp.json()["ip"],
|
|
||||||
"https://api.ipify.org": lambda resp: resp.text,
|
|
||||||
"http://ip.42.pl/raw": lambda resp: resp.text,
|
|
||||||
}.items():
|
|
||||||
resp = httpx.get(endpoint)
|
|
||||||
if not resp.is_success: continue
|
|
||||||
try:
|
|
||||||
return resp.json()["ip"]
|
|
||||||
except:
|
|
||||||
pass
|
|
||||||
else:
|
|
||||||
raise Exception("Could not find external IP")
|
|
||||||
|
|
||||||
# https://www.domeneshop.no/admin?view=api
|
|
||||||
with open("/var/lib/secrets/domeneshop.toml") as f:
|
|
||||||
c = toml.load(f)
|
|
||||||
DOMENESHOP_TOKEN = os.environ.get("DOMENESHOP_TOKEN", c["secrets"]["DOMENESHOP_TOKEN"])
|
|
||||||
DOMENESHOP_SECRET = os.environ.get("DOMENESHOP_SECRET", c["secrets"]["DOMENESHOP_SECRET"])
|
|
||||||
IP_ADDRESS = get_pub_ip() # TODO: both ipv4 and ipv6
|
|
||||||
DOMAINS = {
|
|
||||||
"pbsds.net": {
|
|
||||||
"olavtr": ["A"],
|
|
||||||
},
|
|
||||||
}
|
}
|
||||||
|
DOMENESHOP_TOKEN="$(tomlq .secrets.DOMENESHOP_TOKEN /var/lib/secrets/domeneshop.toml --raw-output)"
|
||||||
client = Client(DOMENESHOP_TOKEN, DOMENESHOP_SECRET)
|
DOMENESHOP_SECRET="$(tomlq .secrets.DOMENESHOP_SECRET /var/lib/secrets/domeneshop.toml --raw-output)"
|
||||||
for domain in client.get_domains():
|
curl https://"$DOMENESHOP_TOKEN":"$DOMENESHOP_SECRET"@api.domeneshop.no/v0/dyndns/update?hostname=olavtr.pbsds.net
|
||||||
if domain["domain"] not in DOMAINS:
|
|
||||||
continue
|
|
||||||
RECORDS = DOMAINS[domain["domain"]]
|
|
||||||
for record in client.get_records(domain["id"]):
|
|
||||||
if record["host"] in RECORDS \
|
|
||||||
and record["type"] in RECORDS[record["host"]]:
|
|
||||||
print("Found: ", end="")
|
|
||||||
pprint.pprint(record)
|
|
||||||
if record["data"] != IP_ADDRESS:
|
|
||||||
record["data"] = IP_ADDRESS
|
|
||||||
print("Push: ", end="")
|
|
||||||
pprint.pprint(record)
|
|
||||||
client.modify_record(domain_id=domain["id"], record_id=record.pop("id"), record=record)
|
|
||||||
else:
|
|
||||||
print("Nothing done")
|
|
||||||
RECORDS[record["host"]].remove(record["type"])
|
|
||||||
for k, v in list(RECORDS.items()):
|
|
||||||
if not v: RECORDS.pop(k)
|
|
||||||
if not RECORDS: DOMAINS.pop(domain["domain"])
|
|
||||||
if DOMAINS:
|
|
||||||
print("ERROR: The following records were not found:")
|
|
||||||
pprint.pprint(DOMAINS)
|
|
||||||
exit(1)
|
|
||||||
else:
|
|
||||||
print("Success")
|
|
||||||
'';
|
'';
|
||||||
|
};
|
||||||
in {
|
in {
|
||||||
User = "domeneshop";
|
User = "domeneshop";
|
||||||
Group = "domeneshop";
|
Group = "domeneshop";
|
||||||
DynamicUser = true;
|
DynamicUser = true;
|
||||||
ExecStart = prog;
|
ExecStart = "${prog}/bin/domeneshop-dyndns-updater.sh";
|
||||||
PrivateTmp = true;
|
PrivateTmp = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
systemd.timers.domeneshop-updater = let interval = "1d"; in {
|
systemd.timers.domeneshop-updater = let interval = "5h"; in {
|
||||||
description = "Update domene.shop every ${interval}";
|
description = "Update domene.shop every ${interval}";
|
||||||
wantedBy = [ "timers.target" ];
|
wantedBy = [ "timers.target" ];
|
||||||
timerConfig = {
|
timerConfig = {
|
||||||
|
@ -484,7 +330,6 @@
|
||||||
Unit = "domeneshop-updater.service";
|
Unit = "domeneshop-updater.service";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
/**/
|
|
||||||
|
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
|
@ -493,6 +338,7 @@
|
||||||
# this value at the release version of the first install of this system.
|
# this value at the release version of the first install of this system.
|
||||||
# Before changing this value read the documentation for this option
|
# Before changing this value read the documentation for this option
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
system.stateVersion = "22.05"; # Did you read the comment?
|
system.stateVersion = "22.11"; # Did you read the comment?
|
||||||
|
#system.stateVersion = "22.05"; # Did you read the comment?
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
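Review bot: The new `curl https://"$DOMENESHOP_TOKEN":"$DOMENESHOP_SECRET"@api.domeneshop.no/...` line in the `domeneshop-dyndns-updater.sh` text puts the API token and secret on curl's command line, where other local users can read them from the process list while the request runs. Hand them to curl through a config read from stdin instead, e.g. `curl --fail --silent --show-error --config - "https://api.domeneshop.no/v0/dyndns/update?hostname=olavtr.pbsds.net" <<<"user = \"$DOMENESHOP_TOKEN:$DOMENESHOP_SECRET\""`. With `--fail` the unit also exits non-zero on an HTTP error such as a rejected credential, which the current call reports as success, and quoting the URL keeps the shell from treating `?` as a glob. The unit keeps `DynamicUser = true`, so `/var/lib/secrets/domeneshop.toml` presumably has to be readable by a UID that is not known in advance; `LoadCredential=` would let the file stay root-only, but confirm how its permissions are set today.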
@ -0,0 +1,33 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
|
||||||
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
fileSystems."/" =
|
||||||
|
{ device = "/dev/disk/by-uuid/fa5f2e24-ab42-4a5f-bf8c-be699b980457";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices =
|
||||||
|
[ { device = "/dev/disk/by-uuid/5b00f5ca-f7a8-4a69-a93b-8e68d9e369e7"; }
|
||||||
|
];
|
||||||
|
|
||||||
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
|
}
|
|
@ -1,47 +1,46 @@
|
||||||
# https://nixos.wiki/wiki/Overlays
|
# https://nixos.wiki/wiki/Overlays
|
||||||
self: super: # final: prev:
|
|
||||||
let
|
let
|
||||||
|
|
||||||
# WARNING: this works for nixos-rebuild, but not for the nix-build trick shown on the bottom
|
# WARNING: this works for nixos-rebuild, but not for the nix-build trick shown on the bottom
|
||||||
testing = import (fetchTarball {
|
#testing = import (fetchTarball {
|
||||||
name = "pr-180823";
|
# name = "pr-180823";
|
||||||
url = "https://github.com/r-ryantm/nixpkgs/archive/cfe56470cb641985d43adba690d5bca5453110fe.tar.gz";
|
# url = "https://github.com/r-ryantm/nixpkgs/archive/cfe56470cb641985d43adba690d5bca5453110fe.tar.gz";
|
||||||
sha256 = "0rbncjp2a99l6i4z7w2m86l40m33b3dl9qficfny47kqcfpgyx0b";
|
# sha256 = "0rbncjp2a99l6i4z7w2m86l40m33b3dl9qficfny47kqcfpgyx0b";
|
||||||
}) {
|
#}) {
|
||||||
#config = super.config;
|
# #config = prev.config;
|
||||||
};
|
#};
|
||||||
|
|
||||||
overridePythonPackages = old: {
|
overridePythonPackages = old: {
|
||||||
overrides = self: super: {
|
overrides = final: prev: {
|
||||||
|
|
||||||
pdoc = self.callPackage /home/pbsds/repos/nixpkgs-pdoc/pkgs/development/python-modules/pdoc {};
|
#pdoc = final.callPackage /home/pbsds/repos/nixpkgs-pdoc/pkgs/development/python-modules/pdoc { };
|
||||||
|
|
||||||
domeneshop = self.callPackage /home/pbsds/repos/nixpkgs-domemeshop/pkgs/development/python-modules/domeneshop {};
|
#domeneshop = final.callPackage /home/pbsds/repos/nixpkgs-domemeshop/pkgs/development/python-modules/domeneshop { };
|
||||||
|
|
||||||
shap = self.callPackage /home/pbsds/repos/nixpkgs-catboost/pkgs/development/python-modules/shap {};
|
#shap = final.callPackage /home/pbsds/repos/nixpkgs-catboost/pkgs/development/python-modules/shap { };
|
||||||
catboost = self.callPackage /home/pbsds/repos/nixpkgs-catboost/pkgs/development/python-modules/catboost {};
|
#catboost = final.callPackage /home/pbsds/repos/nixpkgs-catboost/pkgs/development/python-modules/catboost { };
|
||||||
analytics-python = self.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/analytics-python {};
|
analytics-python = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/analytics-python { };
|
||||||
ffmpy = self.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/ffmpy {};
|
ffmpy = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/ffmpy { };
|
||||||
markdown-it-py = self.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/markdown-it-py {};
|
markdown-it-py = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/markdown-it-py { };
|
||||||
gradio = self.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/gradio {};
|
gradio = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/gradio { };
|
||||||
|
|
||||||
trivial-gradios = self.callPackage ./trivial-gradios {};
|
trivial-gradios = final.callPackage ./trivial-gradios { };
|
||||||
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
in { # "final" and "prev"
|
in final: prev: {
|
||||||
|
|
||||||
#kukkee = super.callPackage ./kukkee {};
|
#kukkee = prev.callPackage ./kukkee { };
|
||||||
#rallly = super.callPackage ./rallly {};
|
#rallly = prev.callPackage ./rallly { };
|
||||||
|
|
||||||
#inherit (testing) polaris polaris-web;
|
#polaris = prev.callPackage /home/pbsds/repos/nixpkgs-polaris/pkgs/servers/polaris { };
|
||||||
polaris = super.callPackage /home/pbsds/repos/nixpkgs-polaris/pkgs/servers/polaris {};
|
#polaris-web = prev.callPackage /home/pbsds/repos/nixpkgs-polaris/pkgs/servers/polaris/web.nix { };
|
||||||
polaris-web = super.callPackage /home/pbsds/repos/nixpkgs-polaris/pkgs/servers/polaris/web.nix {};
|
|
||||||
|
|
||||||
mapcrafter = super.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix {};
|
mapcrafter = prev.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix { };
|
||||||
mapcrafter-world112 = super.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix {world="world112";};
|
mapcrafter-world112 = prev.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix { world="world112"; };
|
||||||
|
|
||||||
#python3.pkgs = super.python3.pkgs.override overridePythonPackages;
|
#python3.pkgs = prev.python3.pkgs.override overridePythonPackages;
|
||||||
python3Packages = super.python3Packages.override overridePythonPackages;
|
python3Packages = prev.python3Packages.override overridePythonPackages;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
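Review bot: The overlay still builds `mapcrafter`, `mapcrafter-world112`, `gradio`, `ffmpy`, `markdown-it-py` and `analytics-python` with `callPackage /home/pbsds/repos/...`, which are absolute paths inside a user's home directory. Assuming this is the file the system configuration loads through `nixpkgs.overlays = [ (import ./overlays) ]`, whatever sits in those checkouts at rebuild time is evaluated and installed system-wide by root, and `system.autoUpgrade.enable = true` makes that happen unattended. Write access to `/home/pbsds/repos` is then effectively write access to the system closure, and the build is not reproducible on another machine. Pinning each source (a `fetchTarball` with a `sha256`, as the now commented-out `testing` block does) or vendoring the expressions next to `./trivial-gradios` would close that gap. Until then a comment such as `# NOTE: impure, built from a user-writable checkout` above these lines would at least record the dependency.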
@ -0,0 +1,37 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
{
|
||||||
|
# AutoSSH reverse tunnels
|
||||||
|
|
||||||
|
services.autossh.sessions = let
|
||||||
|
mkSshSession = {user, name, host, rport, monitoringPort}: {
|
||||||
|
user = user; # local user
|
||||||
|
name = "ssh-reverse-tunnel-${name}-${toString rport}";
|
||||||
|
monitoringPort = monitoringPort;
|
||||||
|
extraArguments = lib.concatStringsSep " " [
|
||||||
|
"-N" # no remote command
|
||||||
|
"-o ServerAliveInterval=10" # check if still alive
|
||||||
|
"-o ServerAliveCountMax=3" # check if still alive
|
||||||
|
"-o ExitOnForwardFailure=yes" # reverse tunnel critical
|
||||||
|
"-R ${toString rport}:127.0.0.1:22" # reverse tunnel
|
||||||
|
host
|
||||||
|
];
|
||||||
|
};
|
||||||
|
in [
|
||||||
|
#(mkSshSession {user="root"; name="p7rpi"; host="pi@p7.pbsds.net"; rport=10023; monitoringPort=20000; }) # no mutual signature algorithm
|
||||||
|
(mkSshSession {user="root"; name="pbuntu"; host="pbsds@pbuntu.pbsds.net -p 23"; rport=10023; monitoringPort=20002; })
|
||||||
|
(mkSshSession {user="root"; name="hildring"; host="pederbs@hildring.pvv.ntnu.no"; rport=25775; monitoringPort=20004; })
|
||||||
|
];
|
||||||
|
|
||||||
|
programs.ssh.knownHosts = {
|
||||||
|
# fetch with `ssh-keyscan`
|
||||||
|
"[pbuntu.pbsds.net]:23".publicKey
|
||||||
|
= "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFiAq96DANRP90fBTknL9VagN0HB8O+S6qD17iC8caE3uZ6Wq5a3gpCr/s0T/Cbf8exNYn3zpdLUUUSngN6gMeA=";
|
||||||
|
"p7.pbsds.net".publicKey
|
||||||
|
= "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMn1GtMCK2T3LoSfwer0VKCTDO2DHYcf7L41YmWda4fObMZk1VJtjV7wn7EsYkpbHUwkeZCd9DcOb7aYwr0OHLU=";
|
||||||
|
"hildring.pvv.ntnu.no".publicKey
|
||||||
|
= "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU=";
|
||||||
|
};
|
||||||
|
#programs.ssh.extraConfig = ''
|
||||||
|
#'';
|
||||||
|
|
||||||
|
}
|
|
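Review bot: Both active `mkSshSession` calls pass `user="root"`, where the inline version removed from the main configuration passed `"pbsds"`, so the autossh sessions and the key that authenticates to `pbuntu.pbsds.net` and `hildring.pvv.ntnu.no` now belong to local root. A reverse tunnel needs no local privilege. A dedicated unprivileged user with its own key, limited on the remote side with `restrict,port-forwarding,permitlisten="<rport>"` in `authorized_keys`, would contain a compromise of either end. The pinned `programs.ssh.knownHosts` entries are a good addition, and adding `"-o StrictHostKeyChecking=yes"` to `extraArguments` would make a missing or changed host key fail closed explicitly rather than relying on the default. The `"p7.pbsds.net"` key currently pins a host whose session is commented out, which deserves a short comment saying so.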
@ -1,14 +1,24 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
# TODO:
|
||||||
|
# * [ ] fix network sandboxing, so the container cant access localhost services on host
|
||||||
|
# * [ ] automatically pull the repo on boot, do i need keys for that?
|
||||||
|
# * [ ] generate a ssh key if not existing
|
||||||
|
# * [ ] attempt to pull, otherwise print the ssh-pubkey
|
||||||
|
# * [ ] Make vscode default to our repo
|
||||||
|
# * [ ] customize the shit out of vscode
|
||||||
|
|
||||||
let
|
let
|
||||||
domain = "${config.networking.hostName}.${config.networking.domain}";
|
domain = "${config.networking.hostName}.${config.networking.domain}";
|
||||||
mkDomain = subname: "${subname}.${domain}";
|
mkDomain = subname: "${subname}.${domain}";
|
||||||
cnt = config.containers.code-server-theo.config;
|
container-name = "code-server-pandoc";
|
||||||
|
cnt = config.containers.${container-name}.config;
|
||||||
in {
|
in {
|
||||||
networking.nat = {
|
networking.nat = {
|
||||||
enable = true;
|
enable = true;
|
||||||
internalInterfaces = ["ve-+"];
|
internalInterfaces = ["ve-+"];
|
||||||
externalInterface = "eno1"; # TODO: can i make this dynamic?
|
externalInterface = "eno1"; # TODO: can i make this automatic?
|
||||||
|
#enableIPv6 = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
#imports = [
|
#imports = [
|
||||||
|
@ -18,12 +28,11 @@ in {
|
||||||
# "virtualisation/nixos-containers.nix"
|
# "virtualisation/nixos-containers.nix"
|
||||||
#];
|
#];
|
||||||
|
|
||||||
# data can be destroyed with `nixos-container destroy code-server-theo`
|
# data can be destroyed with `nixos-container destroy code-server-pandoc`
|
||||||
containers.code-server-theo = {
|
containers.${container-name} = {
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
# container has no network access
|
# container has no network access
|
||||||
#
|
|
||||||
privateNetwork = true;
|
privateNetwork = true;
|
||||||
hostAddress = "10.240.100.2";
|
hostAddress = "10.240.100.2";
|
||||||
localAddress = "10.240.100.3";
|
localAddress = "10.240.100.3";
|
||||||
|
@ -41,7 +50,7 @@ in {
|
||||||
# hostPath = "/var/lib/code-server";
|
# hostPath = "/var/lib/code-server";
|
||||||
# isReadOnly = false;
|
# isReadOnly = false;
|
||||||
#};
|
#};
|
||||||
config = { config, pkgs, ... }: {
|
config = { config, pkgs, lib, ... }: {
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.05";
|
||||||
|
|
||||||
#imports = [ <home-manager/nixos> ];
|
#imports = [ <home-manager/nixos> ];
|
||||||
|
@ -49,23 +58,54 @@ in {
|
||||||
#home-manager.useGlobalPkgs = true; # brrr
|
#home-manager.useGlobalPkgs = true; # brrr
|
||||||
#home-manager.users.${config.services.code-server.user} = { pkgs, config, ... }: {
|
#home-manager.users.${config.services.code-server.user} = { pkgs, config, ... }: {
|
||||||
# programs.git.enable = true;
|
# programs.git.enable = true;
|
||||||
# programs.git.userName = "Theoharis Theoharis";
|
# programs.git.userName = "Noximilien code-server";
|
||||||
# programs.git.userEmail = "theotheo@ntnu.no";
|
# programs.git.userEmail = "theotheo@ntnu.no";
|
||||||
#};
|
#};
|
||||||
|
|
||||||
|
systemd.services.initial-setup = {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
# TODO: run as the correct user
|
||||||
|
serviceConfig.User = config.services.code-server.user;
|
||||||
|
serviceConfig.Group = config.services.code-server.group;
|
||||||
|
# TODO: make the ssh key comment automatic
|
||||||
|
script = ''
|
||||||
|
test -s "$HOME/.ssh/id_rsa.pub" || {
|
||||||
|
mkdir "$HOME/.ssh"
|
||||||
|
echo "" | ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -a 100 -C "code-server@noximilien" -f "$HOME/.ssh/id_ed25519"
|
||||||
|
echo
|
||||||
|
echo "You pubkey is:"
|
||||||
|
cat "$HOME/.ssh/id_ed25519.pub"
|
||||||
|
echo
|
||||||
|
exit
|
||||||
|
}
|
||||||
|
|
||||||
|
#${pkgs.curl}/bin/curl "https://github.com/pbsds.keys" | grep "$(cat $HOME/.ssh/id_ed25519.pub | cut -d" " -f-2)"
|
||||||
|
|
||||||
|
test -d "$HOME/repos/papers" || {
|
||||||
|
mkdir -p "$HOME/repos"
|
||||||
|
${pkgs.git}/bin/git clone git@github.com:pbsds/papers.git
|
||||||
|
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
services.code-server = {
|
services.code-server = {
|
||||||
enable = true;
|
enable = true;
|
||||||
host = "0.0.0.0"; # container
|
host = "0.0.0.0"; # container
|
||||||
port = 53754;
|
port = 53754;
|
||||||
# if you don't care about security: https://argon2.online/
|
#user = "code-server";
|
||||||
hashedPassword = "$argon2i$v=19$m=16,t=2,p=1$MHh5UGNtU1lWR1UySnhIZw$ITg8U7Gq2CXByuOOnrKVUg";
|
#group = "code.server";
|
||||||
|
# a nice tool if you don't care about security: https://argon2.online/
|
||||||
|
hashedPassword = "$argon2i$v=19$m=16,t=2,p=1$MHh5UGNtU1lWR1UySnhIZw$ITg8U7Gq2CXByuOOnrKVUg"; # hunter2
|
||||||
package = pkgs.vscode-with-extensions.override {
|
package = pkgs.vscode-with-extensions.override {
|
||||||
vscode = pkgs.code-server.overrideAttrs (old: {
|
vscode = pkgs.code-server.overrideAttrs (old: {
|
||||||
|
# vscode-with-extensions compatibility
|
||||||
|
# https://github.com/NixOS/nixpkgs/pull/192889
|
||||||
passthru.executableName = "code-server";
|
passthru.executableName = "code-server";
|
||||||
passthru.longName = "Visual Studio Code Server";
|
passthru.longName = "Visual Studio Code Server";
|
||||||
});
|
});
|
||||||
#vscodeExtensions = vscode-extensions; [
|
#vscodeExtensions = with (import <nixos-unstable> {}).vscode-extensions; [
|
||||||
vscodeExtensions = with (import <nixos-unstable> {}).vscode-extensions; [
|
vscodeExtensions = with pkgs.vscode-extensions; [
|
||||||
shd101wyy.markdown-preview-enhanced
|
shd101wyy.markdown-preview-enhanced
|
||||||
sanaajani.taskrunnercode
|
sanaajani.taskrunnercode
|
||||||
tomoki1207.pdf
|
tomoki1207.pdf
|
||||||
|
@ -115,6 +155,7 @@ in {
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
extraPackages = with pkgs; [
|
extraPackages = with pkgs; [
|
||||||
|
# based on https://github.com/pbsds/papers/blob/main/shell.nix
|
||||||
(writeShellScriptBin "pandoc" ''
|
(writeShellScriptBin "pandoc" ''
|
||||||
export XDG_DATA_HOME=${pandoc-lua-filters}/share
|
export XDG_DATA_HOME=${pandoc-lua-filters}/share
|
||||||
exec ${pandoc}/bin/pandoc "$@"
|
exec ${pandoc}/bin/pandoc "$@"
|
||||||
|
@ -136,11 +177,26 @@ in {
|
||||||
;
|
;
|
||||||
})
|
})
|
||||||
|
|
||||||
|
(python310.withPackages (ps: with ps; [
|
||||||
|
python-lsp-server
|
||||||
|
numpy
|
||||||
|
matplotlib
|
||||||
|
imageio
|
||||||
|
#(callPackage ./nix-modules/pytikz.nix { })
|
||||||
|
#(callPackage ./nix-modules/pyrender.nix { })
|
||||||
|
]))
|
||||||
|
|
||||||
pandoc-imagine
|
pandoc-imagine
|
||||||
haskellPackages.pandoc-crossref
|
haskellPackages.pandoc-crossref
|
||||||
#haskellPackages.pandoc-plot
|
#haskellPackages.pandoc-plot
|
||||||
#pandoc-plantuml-filter nodePackages.mermaid-cli
|
#pandoc-plantuml-filter nodePackages.mermaid-cli
|
||||||
|
|
||||||
|
# tikz stuff
|
||||||
|
imagemagick
|
||||||
|
drawio-headless
|
||||||
|
openscad
|
||||||
|
#curv
|
||||||
|
|
||||||
bash
|
bash
|
||||||
git
|
git
|
||||||
bat
|
bat
|
||||||
|
@ -148,13 +204,6 @@ in {
|
||||||
boxes
|
boxes
|
||||||
graphviz
|
graphviz
|
||||||
#python3Packages.cairosvg
|
#python3Packages.cairosvg
|
||||||
|
|
||||||
(python3.withPackages (ps: with ps; [
|
|
||||||
numpy
|
|
||||||
matplotlib
|
|
||||||
#python-lsp-server
|
|
||||||
]))
|
|
||||||
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -165,6 +214,8 @@ in {
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Manually configure nameserver. Using resolved inside the container seems to fail currently
|
||||||
|
#environment.etc."resolv.conf".text = "nameserver 8.8.8.8";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -174,10 +225,9 @@ in {
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
#proxyPass = "http://127.0.0.1:${toString cnt.services.code-server.port}";
|
#proxyPass = "http://127.0.0.1:${toString cnt.services.code-server.port}";
|
||||||
#proxyPass = "http://10.240.100.3:${toString cnt.services.code-server.port}";
|
#proxyPass = "http://10.240.100.3:${toString cnt.services.code-server.port}";
|
||||||
proxyPass = "http://${config.containers.code-server-theo.localAddress}:${toString cnt.services.code-server.port}";
|
proxyPass = "http://${config.containers.${container-name}.localAddress}:${toString cnt.services.code-server.port}";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,113 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
domain = "${config.networking.hostName}.${config.networking.domain}";
|
||||||
|
mkDomain = subname: "${subname}.${domain}";
|
||||||
|
cnt = config.containers.vscode-remote-test.config;
|
||||||
|
in {
|
||||||
|
networking.nat = {
|
||||||
|
enable = true;
|
||||||
|
internalInterfaces = ["ve-+"];
|
||||||
|
externalInterface = "eno1"; # TODO: can i make this dynamic?
|
||||||
|
};
|
||||||
|
|
||||||
|
#imports = [
|
||||||
|
# "/home/pbsds/repos/nixpkgs-trees/containers-mkdir/nixos/modules/virtualisation/nixos-containers.nix"
|
||||||
|
#];
|
||||||
|
#disabledModules = [
|
||||||
|
# "virtualisation/nixos-containers.nix"
|
||||||
|
#];
|
||||||
|
|
||||||
|
containers.vscode-remote-test = {
|
||||||
|
autoStart = true;
|
||||||
|
privateNetwork = true;
|
||||||
|
hostAddress = "10.240.100.2";
|
||||||
|
localAddress = "10.240.100.3";
|
||||||
|
#bindMounts."/home" = {
|
||||||
|
# hostPath = "/var/lib/code-server";
|
||||||
|
# isReadOnly = false;
|
||||||
|
#};
|
||||||
|
config = { config, pkgs, ... }: {
|
||||||
|
system.stateVersion = "22.05";
|
||||||
|
imports = [ <home-manager/nixos> ];
|
||||||
|
home-manager.useUserPackages = true; # install to /etc instead of ~/.nix-profile, needed for containers
|
||||||
|
home-manager.useGlobalPkgs = true; # brrr
|
||||||
|
|
||||||
|
home-manager.users.${config.services.code-server.user} = { pkgs, config, ... }: {
|
||||||
|
programs.git.enable = true;
|
||||||
|
programs.git.userName = "Theoharis Theoharis";
|
||||||
|
programs.git.userEmail = "theotheo@ntnu.no";
|
||||||
|
programs.vscode.extensions = with pkgs.vscode-extensions; [
|
||||||
|
shd101wyy.markdown-preview-enhanced
|
||||||
|
sanaajani.taskrunnercode
|
||||||
|
tomoki1207.pdf
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
services.code-server = {
|
||||||
|
enable = true;
|
||||||
|
port = 53754;
|
||||||
|
# if you don't care about security: https://argon2.online/
|
||||||
|
hashedPassword = "$argon2i$v=19$m=16,t=2,p=1$MHh5UGNtU1lWR1UySnhIZw$ITg8U7Gq2CXByuOOnrKVUg";
|
||||||
|
extraPackages = with pkgs; [
|
||||||
|
(writeShellScriptBin "pandoc" ''
|
||||||
|
export XDG_DATA_HOME=${pandoc-lua-filters}/share
|
||||||
|
exec ${pandoc}/bin/pandoc "$@"
|
||||||
|
'')
|
||||||
|
|
||||||
|
(texlive.combine {
|
||||||
|
inherit (texlive)
|
||||||
|
scheme-small
|
||||||
|
titlesec
|
||||||
|
fontaxes
|
||||||
|
supertabular
|
||||||
|
xtab
|
||||||
|
# boxed quotes
|
||||||
|
mdframed
|
||||||
|
zref
|
||||||
|
needspace
|
||||||
|
soul
|
||||||
|
atkinson
|
||||||
|
;})
|
||||||
|
|
||||||
|
pandoc-imagine
|
||||||
|
haskellPackages.pandoc-crossref
|
||||||
|
#haskellPackages.pandoc-plot
|
||||||
|
#pandoc-plantuml-filter nodePackages.mermaid-cli
|
||||||
|
|
||||||
|
bash
|
||||||
|
bat
|
||||||
|
gnumake
|
||||||
|
boxes
|
||||||
|
graphviz
|
||||||
|
#python3Packages.cairosvg
|
||||||
|
|
||||||
|
(python3.withPackages (ps: with ps; [
|
||||||
|
numpy
|
||||||
|
matplotlib
|
||||||
|
#python-lsp-server
|
||||||
|
]))
|
||||||
|
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
#networking.firewall = {
|
||||||
|
# enable = true;
|
||||||
|
# allowedTCPPorts = [ 80 ];
|
||||||
|
#};
|
||||||
|
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx.virtualHosts.${mkDomain "code-remote"} = {
|
||||||
|
forceSSL = true; # addSSL = true;
|
||||||
|
enableACME = true; #useACMEHost = acmeDomain;
|
||||||
|
locations."/" = {
|
||||||
|
#proxyPass = "http://127.0.0.1:${toString cnt.services.code-server.port}";
|
||||||
|
proxyPass = "http://10.240.100.3:${toString cnt.services.code-server.port}";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
}
|
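Review bot: The `hashedPassword` line in `services.code-server` commits an Argon2i hash with `m=16,t=2,p=1`, a very low work factor, and the comment above it suggests the value came from a third-party website. The same string is visible in the preceding file's section, where a trailing comment appears to give the plaintext, so this credential should be treated as disclosed and rotated. Because code-server offers an editor and terminal as the service user behind the nginx vhost declared at the end of this file, the replacement hash should be generated locally with much larger memory and time costs and kept out of the repository and the world-readable Nix store. I would replace the comment with `# hash generated offline with a high memory cost; value supplied from a secret, never committed`. Separately, `proxyPass` repeats the literal `10.240.100.3` where it could read `config.containers.vscode-remote-test.localAddress`.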
|
@ -16,10 +16,20 @@ in
|
||||||
with builtins; {
|
with builtins; {
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
./modules/webhook.nix
|
|
||||||
#./modules/kukkee.nix
|
#./modules/kukkee.nix
|
||||||
<nixos-unstable/nixos/modules/services/misc/polaris.nix>
|
|
||||||
#/home/pbsds/repos/nixpkgs-polaris/nixos/modules/services/misc/polaris.nix
|
#<nixos-unstable/nixos/modules/services/misc/polaris.nix>
|
||||||
|
#/home/pbsds/repos/nixpkgs-trees/polaris/nixos/modules/services/misc/polaris.nix
|
||||||
|
/home/pbsds/repos/nixpkgs/polaris-14/nixos/modules/services/misc/polaris.nix
|
||||||
|
];
|
||||||
|
disabledModules = [
|
||||||
|
"services/misc/polaris.nix"
|
||||||
|
];
|
||||||
|
nixpkgs.overlays = [
|
||||||
|
(final: prev: {
|
||||||
|
polaris = prev.callPackage /home/pbsds/repos/nixpkgs/polaris-14/pkgs/servers/polaris { };
|
||||||
|
polaris-web = prev.callPackage /home/pbsds/repos/nixpkgs/polaris-14/pkgs/servers/polaris/web.nix { };
|
||||||
|
})
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
||||||
|
@ -46,6 +56,7 @@ with builtins; {
|
||||||
|
|
||||||
|
|
||||||
services.nginx.enable = true;
|
services.nginx.enable = true;
|
||||||
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
|
||||||
|
|
||||||
# Website tunnel
|
# Website tunnel
|
||||||
|
@ -219,12 +230,12 @@ with builtins; {
|
||||||
services.grafana = rec {
|
services.grafana = rec {
|
||||||
#enable = true;
|
#enable = true;
|
||||||
#addr = "127.0.0.1";
|
#addr = "127.0.0.1";
|
||||||
addr = "0.0.0.0";
|
settings.server.http_addr = "0.0.0.0";
|
||||||
port = 3000;
|
settings.server.http_port = 3000;
|
||||||
domain = mkDomain "grafana";
|
settings.server.domain = mkDomain "grafana";
|
||||||
#rootUrl = "https://${domain}/grafana/"; # Not needed if it is `https://your.domain/`
|
#rootUrl = "https://${domain}/grafana/"; # Not needed if it is `https://your.domain/`
|
||||||
};
|
};
|
||||||
services.nginx.virtualHosts."${config.services.grafana.domain}" = lib.mkIf config.services.grafana.enable {
|
services.nginx.virtualHosts."${config.services.grafana.settings.server.domain}" = lib.mkIf config.services.grafana.enable {
|
||||||
forceSSL = true; # addSSL = true;
|
forceSSL = true; # addSSL = true;
|
||||||
enableACME = true; #useACMEHost = acmeDomain;
|
enableACME = true; #useACMEHost = acmeDomain;
|
||||||
#locations."/grafana/" = {
|
#locations."/grafana/" = {
|
||||||
|
@ -258,7 +269,8 @@ with builtins; {
|
||||||
|
|
||||||
# Cryptpad
|
# Cryptpad
|
||||||
# A collaborative office suite that is end-to-end encrypted and open-source.
|
# A collaborative office suite that is end-to-end encrypted and open-source.
|
||||||
|
# TODO: https://github.com/NixOS/nixpkgs/pull/180066
|
||||||
|
/*
|
||||||
services.cryptpad = {
|
services.cryptpad = {
|
||||||
#enable = true; # current node version used is marked insecure
|
#enable = true; # current node version used is marked insecure
|
||||||
# reference: https://github.com/xwiki-labs/cryptpad/blob/main/config/config.example.js
|
# reference: https://github.com/xwiki-labs/cryptpad/blob/main/config/config.example.js
|
||||||
|
@ -305,7 +317,7 @@ with builtins; {
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
*/
|
||||||
|
|
||||||
|
|
||||||
# Jellyfin
|
# Jellyfin
|
||||||
|
@ -320,12 +332,14 @@ with builtins; {
|
||||||
openFirewall = false; # I do it manually below:
|
openFirewall = false; # I do it manually below:
|
||||||
# TODO: configure initial collections and extensions
|
# TODO: configure initial collections and extensions
|
||||||
};
|
};
|
||||||
# firewall
|
# firewall - not needed?
|
||||||
networking.firewall = lib.mkIf config.service.jellyfin.enable {
|
/*
|
||||||
|
networking.firewall = lib.mkIf config.services.jellyfin.enable {
|
||||||
# TODO: does this overwrite rules set by other stuff? should i use ++ ?
|
# TODO: does this overwrite rules set by other stuff? should i use ++ ?
|
||||||
#allowedTCPPorts = [ 8096 8920 ];
|
#allowedTCPPorts = [ 8096 8920 ];
|
||||||
allowedUDPPorts = [ 1900 7359 ]; # TODO: Only if behind a NAT?
|
allowedUDPPorts = [ 1900 7359 ]; # TODO: Only if behind a NAT?
|
||||||
};
|
};
|
||||||
|
*/
|
||||||
services.nginx.virtualHosts.${mkDomain "jellyfin"} = lib.mkIf config.services.jellyfin.enable {
|
services.nginx.virtualHosts.${mkDomain "jellyfin"} = lib.mkIf config.services.jellyfin.enable {
|
||||||
forceSSL = true; # addSSL = true;
|
forceSSL = true; # addSSL = true;
|
||||||
enableACME = true; #useACMEHost = acmeDomain;
|
enableACME = true; #useACMEHost = acmeDomain;
|
||||||
|
@ -335,6 +349,7 @@ with builtins; {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
# Hardware acceleration
|
# Hardware acceleration
|
||||||
|
# https://nixos.wiki/wiki/Jellyfin
|
||||||
nixpkgs.config.packageOverrides = pkgs: {
|
nixpkgs.config.packageOverrides = pkgs: {
|
||||||
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
|
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
|
||||||
};
|
};
|
||||||
|
@ -345,6 +360,7 @@ with builtins; {
|
||||||
vaapiIntel
|
vaapiIntel
|
||||||
vaapiVdpau
|
vaapiVdpau
|
||||||
libvdpau-va-gl
|
libvdpau-va-gl
|
||||||
|
intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
# Allow Jellyfin access to VAAPI
|
# Allow Jellyfin access to VAAPI
|
||||||
|
@ -392,20 +408,20 @@ with builtins; {
|
||||||
#user = "pbsds";
|
#user = "pbsds";
|
||||||
#group = "users";
|
#group = "users";
|
||||||
port = 7890;
|
port = 7890;
|
||||||
package = pkgs.unstable.polaris; # instead of my overlay, TODO: move that overlay here
|
#package = pkgs.unstable.polaris; # instead of my overlay, TODO: move that overlay here
|
||||||
settings = {
|
settings = {
|
||||||
settings.reindex_every_n_seconds = 7*24*60*60; # weekly, default is 1800, i.e. hourly
|
settings.reindex_every_n_seconds = 7*24*60*60; # weekly, default is 1800, i.e. hourly
|
||||||
settings.album_art_pattern =
|
settings.album_art_pattern =
|
||||||
"([Cc]over|COVER|[Ff]older|FOLDER|[Ff]ront|FRONT)\.(jpeg|JPEG|jpg|JPG|png|PNG|bmp|BMP|gif|GIF)";
|
"([Cc]over|COVER|[Ff]older|FOLDER|[Ff]ront|FRONT)\.(jpeg|JPEG|jpg|JPG|png|PNG|bmp|BMP|gif|GIF)";
|
||||||
#"(?i)(cover|folder|front)\.(jpeg|jpg|png|bmp|gif)";
|
#"(?i)(cover|folder|front)\.(jpeg|jpg|png|bmp|gif)";
|
||||||
mount_dirs = [
|
mount_dirs = [
|
||||||
{ source = "/mnt/reidun/Music/Albums"; name = "Albums"; }
|
{ name = "Albums"; source = "/mnt/reidun/Music/Albums"; }
|
||||||
{ source = "/mnt/reidun/Music/dojin.co"; name = "dojin.co"; }
|
{ name = "dojin.co"; source = "/mnt/reidun/Music/dojin.co"; }
|
||||||
{ source = "/mnt/reidun/Music/Vocaloid"; name = "Vocaloid"; }
|
{ name = "Vocaloid"; source = "/mnt/reidun/Music/Vocaloid"; }
|
||||||
{ source = "/mnt/reidun/Music/Touhou"; name = "Touhou"; }
|
{ name = "Touhou"; source = "/mnt/reidun/Music/Touhou"; }
|
||||||
{ source = "/mnt/reidun/Music/OST"; name = "OST"; }
|
{ name = "OST"; source = "/mnt/reidun/Music/OST"; }
|
||||||
{ source = "/mnt/reidun/Music/Kancolle"; name = "Kancolle"; }
|
{ name = "Kancolle"; source = "/mnt/reidun/Music/Kancolle"; }
|
||||||
{ source = "/mnt/reidun/Downloads/music"; name = "Downloads"; }
|
{ name = "Downloads"; source = "/mnt/reidun/Downloads/music"; }
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -580,42 +596,12 @@ with builtins; {
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
# Webhook
|
|
||||||
# incoming webhook server that executes shell commands
|
|
||||||
|
|
||||||
/**/
|
|
||||||
services.webhook = {
|
|
||||||
enable = true;
|
|
||||||
#listenHost = "0.0.0.0"; # default is "127.0.0.1"
|
|
||||||
listenPort = 7777; # default is 8080
|
|
||||||
urlPrefix = "spismeg"; # default is "hooks"
|
|
||||||
#httpMethods = [ "GET" "POST" ]; # default is [ "POST" ]
|
|
||||||
settings = [
|
|
||||||
{
|
|
||||||
id = "webhook-id";
|
|
||||||
execute-command = pkgs.writeShellScript "webhook-handler.sh" ''
|
|
||||||
echo foobar;
|
|
||||||
'';
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
services.nginx.virtualHosts.${mkDomain "webhook"} = lib.mkIf config.services.webhook.enable {
|
|
||||||
forceSSL = true; # addSSL = true;
|
|
||||||
enableACME = true; #useACMEHost = acmeDomain;
|
|
||||||
locations."/" = {
|
|
||||||
proxyPass = "http://127.0.0.1:${toString config.services.webhook.listenPort}";
|
|
||||||
proxyWebsockets = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
/**/
|
|
||||||
|
|
||||||
|
|
||||||
# Gitea
|
# Gitea
|
||||||
# Git with a cup of tea
|
# Git with a cup of tea
|
||||||
|
|
||||||
services.gitea = rec {
|
services.gitea = rec {
|
||||||
enable = true;
|
enable = true;
|
||||||
disableRegistration = true; # disable after initial deploy
|
settings.service.DISABLE_REGISTRATION = true; # disable after initial deploy
|
||||||
#https://docs.gitea.io/en-us/config-cheat-sheet/
|
#https://docs.gitea.io/en-us/config-cheat-sheet/
|
||||||
#settings = {
|
#settings = {
|
||||||
# "cron.sync_external_users" = {
|
# "cron.sync_external_users" = {
|
||||||
|
@ -645,7 +631,7 @@ with builtins; {
|
||||||
httpAddress = "127.0.0.1"; # default is "0.0.0.0"
|
httpAddress = "127.0.0.1"; # default is "0.0.0.0"
|
||||||
#extraConfig
|
#extraConfig
|
||||||
#database.type # default is "sqlite3"
|
#database.type # default is "sqlite3"
|
||||||
cookieSecure = true; # default is false, only send cookies over https
|
settings.session.COOKIE_SECURE = true; # default is false, only send cookies over https
|
||||||
#stateDir # default is "/var/lib/gitea"
|
#stateDir # default is "/var/lib/gitea"
|
||||||
#mailerPasswordFile # Path to a file containing the SMTP password
|
#mailerPasswordFile # Path to a file containing the SMTP password
|
||||||
#repositoryRoot # default is "${config.services.gitea.stateDir}/repositories"
|
#repositoryRoot # default is "${config.services.gitea.stateDir}/repositories"
|
||||||
|
@ -1098,19 +1084,19 @@ with builtins; {
|
||||||
|
|
||||||
services.hedgedoc = {
|
services.hedgedoc = {
|
||||||
#enable = true; # FIXME: make it load
|
#enable = true; # FIXME: make it load
|
||||||
configuration.host = "127.0.0.1";
|
settings.host = "127.0.0.1";
|
||||||
configuration.port = 44776;
|
settings.port = 44776;
|
||||||
configuration.db.dialect = "sqlite";
|
settings.db.dialect = "sqlite";
|
||||||
configuration.db.storage = "${config.services.hedgedoc.workDir}/db.hedgedoc.sqlite";
|
settings.db.storage = "${config.services.hedgedoc.workDir}/db.hedgedoc.sqlite";
|
||||||
configuration.domain = mkDomain "hedgedoc";
|
settings.domain = mkDomain "hedgedoc";
|
||||||
configuration.allowAnonymous = true;
|
settings.allowAnonymous = true;
|
||||||
configuration.allowEmailRegister = false; # default is true
|
settings.allowEmailRegister = false; # default is true
|
||||||
configuration.allowAnonymousEdits = false; # default is false
|
settings.allowAnonymousEdits = false; # default is false
|
||||||
configuration.protocolUseSSL = true; # https prefix
|
settings.protocolUseSSL = true; # https prefix
|
||||||
configuration.useSSL = false; # nginx terminates ssl
|
settings.useSSL = false; # nginx terminates ssl
|
||||||
#configuration.csp = {TODO}; # content security policy
|
#settings.csp = {TODO}; # content security policy
|
||||||
#configuration.useCDN = true;
|
#settings.useCDN = true;
|
||||||
#configuration.debug = true;
|
#settings.debug = true;
|
||||||
# there are also a metric fuckton of integration services, like github, twitter, minio, mattermost, dropbox etc.
|
# there are also a metric fuckton of integration services, like github, twitter, minio, mattermost, dropbox etc.
|
||||||
# there are also auth options, like ldap, saml and oauth2
|
# there are also auth options, like ldap, saml and oauth2
|
||||||
};
|
};
|
||||||
|
@ -1118,7 +1104,7 @@ with builtins; {
|
||||||
forceSSL = true; # addSSL = true;
|
forceSSL = true; # addSSL = true;
|
||||||
enableACME = true; #useACMEHost = acmeDomain;
|
enableACME = true; #useACMEHost = acmeDomain;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.1:${toString config.services.hedgedoc.configuration.port}";
|
proxyPass = "http://127.0.0.1:${toString config.services.hedgedoc.settings.port}";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
# TODO: proxy headers:
|
# TODO: proxy headers:
|
||||||
# https://docs.hedgedoc.org/guides/reverse-proxy/
|
# https://docs.hedgedoc.org/guides/reverse-proxy/
|
||||||
|
@ -1186,6 +1172,7 @@ with builtins; {
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# vaultwarden
|
# vaultwarden
|
||||||
# Unofficial Bitwarden compatible server written in Rust
|
# Unofficial Bitwarden compatible server written in Rust
|
||||||
|
|
||||||
|
|
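Review bot: The first hunk makes system evaluation depend on a user-writable checkout: `imports` now pulls `/home/pbsds/repos/nixpkgs/polaris-14/nixos/modules/services/misc/polaris.nix`, and the overlay calls `prev.callPackage` on paths under the same directory. Whatever is in that working tree at rebuild time is built and run as a system service, and the input is neither pinned nor reproducible on another machine; if automatic upgrades are enabled on this host, that happens unattended. Pinning the branch would make the input explicit, for example a `let` binding `polarisSrc = builtins.fetchTarball { url = "<PINNED_TARBALL_URL>"; sha256 = "<SHA256>"; };` with `"${polarisSrc}/nixos/modules/services/misc/polaris.nix"` in `imports`. The enclosing attribute set continues outside the hunk.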
|
@ -0,0 +1,62 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
|
||||||
|
fileSystems = let
|
||||||
|
mkMount = mountpoint: server: subdir: {
|
||||||
|
"${mountpoint}${subdir}" = {
|
||||||
|
device = "${server}${subdir}";
|
||||||
|
fsType = "nfs";
|
||||||
|
#options = [ "nfsvers=4.2" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
# TODO: combine nameValuePair and listToAttrs
|
||||||
|
joinSets = sets: builtins.foldl' (l: r: l // r) {} sets;
|
||||||
|
in joinSets (
|
||||||
|
(map (mkMount "/mnt/reidun" "192.168.1.3:/Reidun/shared") [
|
||||||
|
""
|
||||||
|
"/Backups"
|
||||||
|
"/Comics"
|
||||||
|
"/Downloads"
|
||||||
|
"/Games"
|
||||||
|
"/Games/Installable"
|
||||||
|
"/Games/Portable"
|
||||||
|
"/Games/ROMs"
|
||||||
|
"/ISO"
|
||||||
|
"/Images"
|
||||||
|
"/Images/Collections"
|
||||||
|
"/Images/Memes"
|
||||||
|
"/Images/Pictures"
|
||||||
|
"/Images/Wallpapers"
|
||||||
|
"/Music"
|
||||||
|
"/Music/Albums"
|
||||||
|
"/Music/Kancolle"
|
||||||
|
"/Music/OST"
|
||||||
|
"/Music/Old"
|
||||||
|
"/Music/Touhou"
|
||||||
|
"/Music/Vocaloid"
|
||||||
|
"/Music/dojin.co"
|
||||||
|
"/Various"
|
||||||
|
"/Various/Zotero"
|
||||||
|
"/Various/resilio"
|
||||||
|
"/Video"
|
||||||
|
"/Video/Anime"
|
||||||
|
"/Video/Concerts"
|
||||||
|
"/Video/Documentaries"
|
||||||
|
"/Video/Movies"
|
||||||
|
"/Video/Musicvideos"
|
||||||
|
"/Video/Series"
|
||||||
|
"/Video/Talks"
|
||||||
|
"/Work"
|
||||||
|
"/Work/Documents"
|
||||||
|
#"/Work/FL Studio" # broken, maybe due to the space?
|
||||||
|
"/Work/Programming"
|
||||||
|
"/Work/School"
|
||||||
|
"/pub"
|
||||||
|
]) ++ (map (mkMount "/mnt/meconium" "192.168.1.3:/Meconium" ) [
|
||||||
|
""
|
||||||
|
"/beets_music"
|
||||||
|
])
|
||||||
|
);
|
||||||
|
|
||||||
|
}
|
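Review bot: `mkMount` produces NFS entries with no mount options at all (the only `options` line is commented out), so every share, including `/Downloads`, is mounted with setuid bits and device nodes honoured. For shares that hold media and downloads I would set `options = [ "nosuid" "nodev" "nofail" ];` in `mkMount`; `nofail` should also stop an unreachable `192.168.1.3` from holding up boot. The device is addressed by a bare LAN IP and the default NFS security flavour trusts client-supplied UIDs, so a short comment saying how the export is restricted on the server side would help the next reader.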
|
@ -0,0 +1,94 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
let
|
||||||
|
#supportedFeatures:
|
||||||
|
# - "kvm" - has hypervisor
|
||||||
|
# - "nixos-test" - the same as ^? nixos?
|
||||||
|
# - "benchmark" - has "equal" performance
|
||||||
|
# - "big-parallel" - is beefy, for stuff like llvm
|
||||||
|
|
||||||
|
# TODO: get a binfmt-misc host for cross stuff
|
||||||
|
# add noximilien, filter (hostName != fqdn)
|
||||||
|
|
||||||
|
remotes = [
|
||||||
|
/**/
|
||||||
|
{
|
||||||
|
systems = ["x86_64-linux"];
|
||||||
|
hostName = "rocm.pbsds.net";
|
||||||
|
sshUser = "pbsds";
|
||||||
|
maxJobs = 8;
|
||||||
|
#maxJobs = 4;
|
||||||
|
#maxJobs = 1; # at least for big-parallel
|
||||||
|
speedFactor = 2;
|
||||||
|
supportedFeatures = [ "kvm" "big-parallel" ];
|
||||||
|
#supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
||||||
|
#mandatoryFeatures = [ ];
|
||||||
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDuWdqEQ5mmVjuKi6f/Q2PFxuqB3URpgTHid06Vw7we";
|
||||||
|
proxy.user="pederbs";
|
||||||
|
proxy.host="isvegg.pvv.ntnu.no";
|
||||||
|
proxy.publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU=";
|
||||||
|
}
|
||||||
|
/**/
|
||||||
|
{
|
||||||
|
systems = ["x86_64-linux"];
|
||||||
|
hostName = "isvegg.pvv.ntnu.no";
|
||||||
|
sshUser = "pederbs";
|
||||||
|
maxJobs = 1;
|
||||||
|
speedFactor = 0;
|
||||||
|
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU=";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
systems = ["x86_64-linux"];
|
||||||
|
hostName = "eirin.pvv.ntnu.no";
|
||||||
|
sshUser = "pederbs";
|
||||||
|
maxJobs = 2;
|
||||||
|
speedFactor = 0;
|
||||||
|
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBILGULKEzYe5kPorM0rWATv10qq6debfCuYUYqw3HWZm4Y5Pi7mVKcf8lKFNPc1DxT/dStfxxtHj/2fbezaxElk=";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
systems = ["x86_64-linux"];
|
||||||
|
hostName = "demiurgen.pvv.ntnu.no";
|
||||||
|
sshUser = "pederbs";
|
||||||
|
maxJobs = 2;
|
||||||
|
speedFactor = 0;
|
||||||
|
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKw92q3eB5HZbKJN3p+80MtirqcXPu01USE9LnoGYJuDvko1udjIy4UR0wAwELqgs+r7mJyuQPeXmOZKwjHP6tM=";
|
||||||
|
}
|
||||||
|
/**/
|
||||||
|
];
|
||||||
|
|
||||||
|
mkRemoteConfig = {
|
||||||
|
publicKey,# fetch it with `ssh-keyscan`
|
||||||
|
proxy ? null, # schema: { user, host, publicKey }
|
||||||
|
... # the rest follows nix.buildMachines.<NAME> schema
|
||||||
|
}@args:
|
||||||
|
let
|
||||||
|
buildMachine = lib.filterAttrs (key: _: !builtins.elem key ["publicKey" "proxy"]) args; # this should have syntactic sugar: ...@buildMachine
|
||||||
|
in {
|
||||||
|
nix.buildMachines = [ buildMachine ];
|
||||||
|
programs.ssh.knownHosts.${buildMachine.hostName}.publicKey = publicKey;
|
||||||
|
programs.ssh.extraConfig = ''
|
||||||
|
Host ${buildMachine.hostName}
|
||||||
|
ConnectTimeout 3
|
||||||
|
${lib.optionalString (proxy != null) ''
|
||||||
|
ProxyJump ${proxy.user}@${proxy.host}
|
||||||
|
''}
|
||||||
|
'';
|
||||||
|
programs.ssh.knownHosts.${proxy.host or "IGNORE"} = lib.mkIf (proxy != null) { publicKey = proxy.publicKey; };
|
||||||
|
};
|
||||||
|
|
||||||
|
in {
|
||||||
|
|
||||||
|
nix.distributedBuilds = true;
|
||||||
|
|
||||||
|
# TODO: Allow setting speedFactor for local builds, as local is currently fixed to 0
|
||||||
|
# https://github.com/NixOS/nix/issues/2457
|
||||||
|
|
||||||
|
# useful when the builder has a faster internet connection than i do
|
||||||
|
nix.extraOptions = ''
|
||||||
|
builders-use-substitutes = true
|
||||||
|
'';
|
||||||
|
# TODO: can i make ^ non-string?
|
||||||
|
|
||||||
|
# TIL: this can be a list of configurations and lambdas, not just file paths
|
||||||
|
imports = builtins.map mkRemoteConfig remotes;
|
||||||
|
|
||||||
|
}
|
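Review bot: The comment on `publicKey` in `mkRemoteConfig` says to fetch the key with `ssh-keyscan`, but a scan is unauthenticated, so pinning its output only records whatever host answered at that moment. Every entry in `remotes` becomes a machine whose build results the local Nix daemon accepts, so the comment should ask for verification, e.g. `publicKey, # from ssh-keyscan, fingerprint verified out-of-band before pinning`. It would also help to document next to `remotes` that these builders are trusted to produce store paths for this host, and that `builders-use-substitutes = true` lets them fetch dependencies from their own configured caches. The `proxy.host or "IGNORE"` key in `programs.ssh.knownHosts` deserves a one-line comment saying it appears to be a dummy name that `lib.mkIf` is meant to drop when no proxy is set.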
|
@ -0,0 +1,5 @@
|
||||||
|
* [ ] mv nas/default.nix nas.nix
|
||||||
|
* [ ] mv website/default.nix website.nix
|
||||||
|
* [ ] move each part into web-services, and import them as modules
|
||||||
|
* [ ] make mkDomain a function
|
||||||
|
* [ ] make ACME a function
|
|
@ -11,6 +11,7 @@ in {
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
./services/pdoc.nix
|
./services/pdoc.nix
|
||||||
|
#../services/tt-rss.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
||||||
|
@ -22,8 +23,8 @@ in {
|
||||||
domain = "gitea.noximilien.pbsds.net";
|
domain = "gitea.noximilien.pbsds.net";
|
||||||
owner = "pbsds";
|
owner = "pbsds";
|
||||||
repo = "links.pbsds.net";
|
repo = "links.pbsds.net";
|
||||||
rev = "fd980f4610f8027b4fc89c506542009f09504085";
|
rev = "61cd605f198a22db87af087fda34c378b03d4306";
|
||||||
hash = "sha256-Iz/lfLkdCLJyyZ/PM9+VCkCG5lYSb9/i4x0ZhranBxc=";
|
hash = "sha256-dx19aTy8K9xkL+cO4r4huYKrlVBZMUkDcbjqxLKe8W4=";
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
#serverAliases = map mkDomain [ "links" ];
|
#serverAliases = map mkDomain [ "links" ];
|
||||||
|
|
|
@ -85,14 +85,15 @@ let
|
||||||
{name="beautifulsoup4"; literal="bs4";}
|
{name="beautifulsoup4"; literal="bs4";}
|
||||||
"hid"
|
"hid"
|
||||||
#{name="hidapi"; literal="hid";}
|
#{name="hidapi"; literal="hid";}
|
||||||
"sanic"
|
#"sanic" # broken build?
|
||||||
"paramiko"
|
"paramiko"
|
||||||
"pydub"
|
"pydub"
|
||||||
"aiohttp"
|
"aiohttp"
|
||||||
|
"papermill"
|
||||||
"rtoml"
|
"rtoml"
|
||||||
"redis"
|
"redis"
|
||||||
"numpy"
|
"numpy"
|
||||||
"domeneshop"
|
#"domeneshop"
|
||||||
"munch"
|
"munch"
|
||||||
"migen"
|
"migen"
|
||||||
"amaranth"
|
"amaranth"
|
||||||
|
@ -109,7 +110,7 @@ let
|
||||||
"peewee"
|
"peewee"
|
||||||
"parsel"
|
"parsel"
|
||||||
"pandas"
|
"pandas"
|
||||||
"mutmut"
|
#"mutmut" # moved to toplevel from python3Packages
|
||||||
"mlflow"
|
"mlflow"
|
||||||
"meshio"
|
"meshio"
|
||||||
#"einops" # depends on tensorflow, which is broken ATM
|
#"einops" # depends on tensorflow, which is broken ATM
|
||||||
|
@ -141,7 +142,7 @@ let
|
||||||
"asyncpg" #"aiopg"
|
"asyncpg" #"aiopg"
|
||||||
{name="libsass"; literal="sass";}
|
{name="libsass"; literal="sass";}
|
||||||
{name="pytorch"; literal="torch";}
|
{name="pytorch"; literal="torch";}
|
||||||
{name="pytorch-lightning"; literal="pytorch_lightning";}
|
#{name="pytorch-lightning"; literal="pytorch_lightning";} # broken build?
|
||||||
{name="pillow"; literal="PIL";}
|
{name="pillow"; literal="PIL";}
|
||||||
"trio"
|
"trio"
|
||||||
"tqdm"
|
"tqdm"
|
||||||
|
@ -160,6 +161,7 @@ let
|
||||||
"imageio"
|
"imageio"
|
||||||
"pygments"
|
"pygments"
|
||||||
"trimesh"
|
"trimesh"
|
||||||
|
"shapely"
|
||||||
#"faiss"
|
#"faiss"
|
||||||
#"geomloss"
|
#"geomloss"
|
||||||
#"mesh_to_sdf"
|
#"mesh_to_sdf"
|
||||||
|
|
|
@ -0,0 +1,21 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
# https://nixos.wiki/wiki/Remote_Desktop
|
||||||
|
services.xrdp.enable = true;
|
||||||
|
services.xrdp.openFirewall = true; # TCP only
|
||||||
|
|
||||||
|
services.xserver.enable = true;
|
||||||
|
services.xserver.virtualScreen = { x=1920; y=1080; }; # doesn't work?
|
||||||
|
services.xserver.tty = lib.mkDefault null;
|
||||||
|
|
||||||
|
# https://nixos.wiki/wiki/GNOME
|
||||||
|
|
||||||
|
#services.xserver.displayManager.gdm.enable = true;
|
||||||
|
services.xserver.desktopManager.gnome.enable = true;
|
||||||
|
#services.xrdp.defaultWindowManager = "gdm";
|
||||||
|
#services.xrdp.defaultWindowManager = "gnome-shell";
|
||||||
|
#services.xrdp.defaultWindowManager = "gnome-session";
|
||||||
|
services.xrdp.defaultWindowManager = "${pkgs.gnome.gnome-session}/bin/gnome-session"; # remember to `systemctl restart xrdp-sesman` if you change this
|
||||||
|
programs.dconf.enable = true;
|
||||||
|
}
|
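Review bot: `services.xrdp.openFirewall = true` opens the RDP port on every interface, and the session behind it is a full GNOME login that is typically protected only by the account password. Unless this host is reachable solely from a trusted network, leave `openFirewall` off and allow the port on one interface, `networking.firewall.interfaces."<LAN_IFACE>".allowedTCPPorts = [ config.services.xrdp.port ];`, or reach it through an SSH tunnel or VPN. A comment on the line stating which network is expected to reach xrdp would make the intent reviewable.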
|
@ -6,6 +6,9 @@
|
||||||
./modules/jump.nix
|
./modules/jump.nix
|
||||||
./modules/micro.nix
|
./modules/micro.nix
|
||||||
];
|
];
|
||||||
|
disabledModules = [
|
||||||
|
"programs/micro.nix"
|
||||||
|
];
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
|
@ -73,6 +76,7 @@
|
||||||
vgmstream
|
vgmstream
|
||||||
gallery-dl
|
gallery-dl
|
||||||
yt-dlp
|
yt-dlp
|
||||||
|
youtube-dl
|
||||||
ffmpeg-full
|
ffmpeg-full
|
||||||
|
|
||||||
git
|
git
|
||||||
|
@ -90,7 +94,7 @@
|
||||||
#tldr
|
#tldr
|
||||||
entr
|
entr
|
||||||
axel aria
|
axel aria
|
||||||
bat
|
bat bat-extras.batman # TODO: condition on programs.bat.enable
|
||||||
xe # xargs alternative
|
xe # xargs alternative
|
||||||
sd # sed alternative
|
sd # sed alternative
|
||||||
fd # find alternative
|
fd # find alternative
|
||||||
|
@ -100,9 +104,12 @@
|
||||||
jq
|
jq
|
||||||
yq
|
yq
|
||||||
htmlq
|
htmlq
|
||||||
|
just
|
||||||
sysz
|
sysz
|
||||||
du-dust # du alternative
|
du-dust # du alternative
|
||||||
ncdu # Disk usage analyzer with an ncurses interface
|
ncdu # Disk usage analyzer with an ncurses interface
|
||||||
|
xplr # tui file explorer
|
||||||
|
aha
|
||||||
|
|
||||||
mesa-demos
|
mesa-demos
|
||||||
cage
|
cage
|
||||||
|
@ -112,10 +119,12 @@
|
||||||
|
|
||||||
librespeed-cli
|
librespeed-cli
|
||||||
|
|
||||||
|
cachix
|
||||||
nix-template
|
nix-template
|
||||||
nix-output-monitor
|
nix-output-monitor
|
||||||
nixpkgs-review
|
nixpkgs-review
|
||||||
manix
|
manix
|
||||||
|
comma
|
||||||
|
|
||||||
(python3.withPackages (python-packages: with python-packages; [
|
(python3.withPackages (python-packages: with python-packages; [
|
||||||
requests
|
requests
|
||||||
|
@ -176,6 +185,10 @@
|
||||||
gfr = "git pull --rebase";
|
gfr = "git pull --rebase";
|
||||||
gp = "git pull --rebase --autostash";
|
gp = "git pull --rebase --autostash";
|
||||||
|
|
||||||
|
# bat - TODO: condition these on programs.bat.enable ?
|
||||||
|
cat = "bat --style=plain --paging=never";
|
||||||
|
man = "batman";
|
||||||
|
|
||||||
python = "ptpython"; # this has too many problems...
|
python = "ptpython"; # this has too many problems...
|
||||||
cpython = "python";
|
cpython = "python";
|
||||||
|
|
||||||
|
@ -184,6 +197,8 @@
|
||||||
http-server = "${pkgs.python3}/bin/python -m http.server";
|
http-server = "${pkgs.python3}/bin/python -m http.server";
|
||||||
|
|
||||||
manix-fzf = ''manix "" 2>/dev/null | grep '^# ' | sed 's/^# \(.*\) (.*/\1/;s/ (.*//;s/^# //' | fzf --preview="manix '{}'" | xargs manix'';
|
manix-fzf = ''manix "" 2>/dev/null | grep '^# ' | sed 's/^# \(.*\) (.*/\1/;s/ (.*//;s/^# //' | fzf --preview="manix '{}'" | xargs manix'';
|
||||||
|
|
||||||
|
nixpkgs-review = ''mkdir -p /dev/shm/nixpkgs-review && ln -sfn /dev/shm/nixpkgs-review $HOME/.cache/nixpkgs-review && nixpkgs-review'';
|
||||||
};
|
};
|
||||||
programs.bash.enable = true;
|
programs.bash.enable = true;
|
||||||
#programs.bash.enableCompletion = true;
|
#programs.bash.enableCompletion = true;
|
||||||
|
@ -212,10 +227,28 @@
|
||||||
programs.exa.enable = true;
|
programs.exa.enable = true;
|
||||||
programs.exa.enableAliases = true;
|
programs.exa.enableAliases = true;
|
||||||
programs.direnv.enable = true;
|
programs.direnv.enable = true;
|
||||||
programs.just.enable = true;
|
|
||||||
#programs.mpv.bindings
|
#programs.mpv.bindings
|
||||||
#programs.mpv.config
|
#programs.mpv.config
|
||||||
|
|
||||||
|
# TODO: implement programs.bat.enableAliases
|
||||||
|
programs.bat = {
|
||||||
|
enable = true;
|
||||||
|
themes.railscast = builtins.readFile (pkgs.fetchFromGitHub {
|
||||||
|
owner = "jeromedalbert";
|
||||||
|
repo = "sublime-text-railscasttextmate-theme";
|
||||||
|
rev = "0a4861f35e72f9ad4cc1cac42730ea563be2ffd3";
|
||||||
|
hash = "sha256-1Ml5vqP9r6oCfLhaNGPQJXS8e7utxQQycIm3Hk9wE3w=";
|
||||||
|
} + "/railscast-textmate.tmtheme");
|
||||||
|
config.theme = "railscast";
|
||||||
|
#config.style = "plain";
|
||||||
|
config.map-syntax = [
|
||||||
|
"poetry.toml:Toml"
|
||||||
|
"flake.lock:Json"
|
||||||
|
];
|
||||||
|
# only in unstable as of 22.11:
|
||||||
|
#extraPackages = with pkgs.bat-extras; [ batdiff batman batgrep batwatch ];
|
||||||
|
};
|
||||||
|
|
||||||
/**/
|
/**/
|
||||||
# TODO: upstream this
|
# TODO: upstream this
|
||||||
programs.micro.enable = true;
|
programs.micro.enable = true;
|
||||||
|
@ -259,13 +292,21 @@
|
||||||
#xdg.desktopEntries
|
#xdg.desktopEntries
|
||||||
|
|
||||||
gtk.enable = true; # TODO: only if programs.dconf is enabled
|
gtk.enable = true; # TODO: only if programs.dconf is enabled
|
||||||
gtk.theme.name = "vimix-dark-ruby";
|
#gtk.theme.name = "vimix-dark-ruby"; # TODO: keep vimix as gnome-shell theme?
|
||||||
gtk.theme.package = pkgs.vimix-gtk-themes;
|
#gtk.theme.package = pkgs.vimix-gtk-themes;
|
||||||
|
gtk.theme.name = "Colloid-Dark";
|
||||||
|
gtk.theme.package = pkgs.colloid-gtk-theme;
|
||||||
gtk.iconTheme.name = "Flat-Remix-Blue-Dark";
|
gtk.iconTheme.name = "Flat-Remix-Blue-Dark";
|
||||||
gtk.iconTheme.package = pkgs.flat-remix-icon-theme;
|
gtk.iconTheme.package = pkgs.flat-remix-icon-theme;
|
||||||
|
dconf.settings."org/gnome/desktop/background" = {
|
||||||
|
"picture-uri" = "file:///mnt/reidun/Images/Wallpapers/1575232313831.jpg";
|
||||||
|
"picture-uri-dark" = "file:///mnt/reidun/Images/Wallpapers/1575232313831.jpg";
|
||||||
|
};
|
||||||
|
|
||||||
|
# TODO: upstream?
|
||||||
programs.jump.enableBash = true;
|
programs.jump.enableBash = true;
|
||||||
|
|
||||||
|
/** /
|
||||||
programs.beets = {
|
programs.beets = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings = {
|
settings = {
|
||||||
|
@ -278,5 +319,6 @@
|
||||||
##library = "/mnt/meconium/beets_music/data.db";
|
##library = "/mnt/meconium/beets_music/data.db";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
/**/
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
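Review bot: The new `nixpkgs-review` alias (hunk `@ -184,6 +197,8 @@`) points `$HOME/.cache/nixpkgs-review` at the fixed path `/dev/shm/nixpkgs-review`, which sits in a world-writable directory. `mkdir -p` succeeds silently when that path already exists and belongs to another account, so on a shared host a different local user could own the directory nixpkgs-review then uses for its working data. A per-user location avoids that, for example `nixpkgs-review = ''mkdir -p "$XDG_RUNTIME_DIR/nixpkgs-review" && ln -sfn "$XDG_RUNTIME_DIR/nixpkgs-review" "$HOME/.cache/nixpkgs-review" && nixpkgs-review'';`. `$XDG_RUNTIME_DIR` is normally a user-owned 0700 tmpfs on systemd logins but is size-capped, so confirm it is set and large enough for review builds; quoting `$HOME` is worth doing either way.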